oauth2
oauth2 copied to clipboard
golang
Support "Proof Key for Code Exchange" for Google OAuth2 endpoints
Based on Google docs at https://developers.google.com/identity/protocols/OAuth2InstalledApp Google's OAuth2 end point now supports https://tools.ietf.org/html/rfc7636
What do you think about adding a support for it to this library?
It is possible now to pass code_challenge_method and code_challenge to AuthCodeURL via SetAuthURLParam, so this is fine. But there's no way currently to pass code_verifier to Exchange(...) method.
If you agree this is useful, I can try to prepare a CL and we can discuss details there.
Just jumping in to see if there was any progress on it? If not, I'd like to start a discussion of what people think would be the right solution for this. warning: n00b golang person here.
- Could/Should we add something similar to
AuthCodeOptionfor passing variables toExchange(), alaExchangeOption? - New function definition?
func (c *Config) Exchange(ctx context.Context, code string, opts ...ExchangeOption) (*Token, error) - Code changes, untested, just an on-the-fly sketch from what I'm reading in
oauth2.go:
type ExchangeOption interface {
setValue(url.Values)
}
func SetExchangeURLParam(key, value string) ExchangeOption {
return setParam{key, value}
}
func (c *Config) Exchange(ctx context.Context, code string, opts ...ExchangeOption) (*Token, error) {
v := url.Values{
"grant_type": {"authorization_code"},
"code": {code},
}
if c.RedirectURL != "" {
v.Set("redirect_uri", c.RedirectURL)
}
for _, opt := range opts {
opt.setValue(v)
}
return retrieveToken(ctx, c, v)
}
4: Usage:
codeVerifier := "SOME_STRING"
codeVerifierOption := SetExchangeURLParam("code_verifier", codeVerifier)
token, err := config.Exchange(ctx, code, codeVerifierOption)
What do people think about this approach of mirroring how AuthCodeOption works?
@creack : 👍 Thanks for jumping through the hoops to get this code through the contribution process.
